
Daily Ruleset Update Summary 05/14/2013

[***] Summary: [***]
9 new Open rules. 27 new Pro rules. (9/18). MS Tuesday Coverage, Redkit, Cfusion, BHEK, Cdorked, Outdated Flash, etc.

#MS Tuesday Coverage

http://www.emergingthreats.net/2013/05/14/may-2013-microsoft-tuesday-coverage/

[+++] Added rules: [+++]

Open:
2016842 – ET WEB_SERVER ColdFusion scheduletasks access (web_server.rules)
2016843 – ET WEB_SERVER ColdFusion scheduleedit access (web_server.rules)
2016844 – ET TROJAN Trojan-Downloader.Win32.AutoIt.mj Checkin (trojan.rules)
2016845 – ET WEB_SERVER HTTPing Usage Inbound (web_server.rules)
2016846 – ET INFO Possible Firefox Plugin install (info.rules)
2016847 – ET INFO Possible Chrome Plugin install (info.rules)
2016848 – ET CURRENT_EVENTS BlackHole Java Exploit Artifact (current_events.rules)
2016849 – ET TROJAN Worm.Win32.Ngrbot.lof Join IRC channel (trojan.rules)
2016850 – ET TROJAN Possible Linux/Cdorked.A CnC (trojan.rules)

Pro:
2806234 – ETPRO WEB_CLIENT Windows Live Essentials Insecure URI Handler CVE-2013-0096 (web_client.rules)
2806348 – ETPRO TROJAN Trojan.Win32.Swisyn.vlj Checkin (trojan.rules)
2806349 – ETPRO TROJAN Trojan.Win32.Genome.xqos Checkin (trojan.rules)
2806350 – ETPRO TROJAN Trojan-Proxy.Win32.Daemonize.bv Checkin (trojan.rules)
2806351 – ETPRO TROJAN Trojan-Dropper.Win32.Dapato.bzwo Checkin (trojan.rules)
2806352 – ETPRO TROJAN Backdoor.Win32.IRCBot.gq Checkin (trojan.rules)
2806353 – ETPRO TROJAN Win32.Troj.Cidox Checkin (trojan.rules)
2806354 – ETPRO WEB_CLIENT Possible Microsoft Visio information disclosure (web_client.rules)
2806355 – ETPRO WEB_CLIENT Microsoft Internet Explorer cross-domain JSON file content disclosure (web_client.rules)
2806356 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)
2806357 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)
2806358 – ETPRO WEB_CLIENT Possible Microsoft Internet Explorer VML Use After Free 2 CVE-2013-2551 (web_client.rules)
2806359 – ETPRO WEB_CLIENT Possible Microsoft Internet Explorer VML Use After Free 1 CVE-2013-2551 (web_client.rules)
2806360 – ETPRO DOS Microsoft Windows Server 2012 Denial of Service (dos.rules)
2806361 – ETPRO TROJAN Net-Worm.Win32.Opasoft.s Checkin (trojan.rules)
2806362 – ETPRO TROJAN Trojan-Dropper.MSIL.Agent.aiqd Checkin (trojan.rules)
2806363 – ETPRO TROJAN Win32/Bedobot.C / Trojan-Downloader.Win32.Banload.bsgo Checkin (trojan.rules)
2806364 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)

[///] Modified active rules: [///]

2014726 – ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 – ET POLICY Outdated Mac Flash Version (policy.rules)
2016431 – ET TROJAN Win32/Tosct.B UA Mandiant APT1 Related (trojan.rules)
2016458 – ET TROJAN WEBC2-RAVE UA (trojan.rules)
2016588 – ET CURRENT_EVENTS Redkit Jar Naming Pattern March 03 2013 (current_events.rules)
2016811 – ET CURRENT_EVENTS – Possible Redkit 1-4 char JNLP request (current_events.rules)
2804966 – ETPRO TROJAN Backdoor Win32/Morix.B CnC Traffic (trojan.rules)

